Coinbase is under mounting legal pressure following its recent disclosure of a significant data breach. The breach exposed sensitive personal information of its users after cybercriminals bribed overseas support staff.
Between May 15 and May 16, at least six class-action lawsuits were filed against the crypto exchange. The plaintiffs accused the company of negligence, weak cybersecurity infrastructure, and a delayed, inadequate response to the incident.
Coinbase Faces Lawsuits and Legal Backlash Over Insider-Linked Data Breach
One of the earliest lawsuits was filed in the U.S. District Court for the Southern District of New York by Paul Bender, who claims that Coinbase failed to implement and maintain basic security protocols to protect users’ data.
Bender’s suit argues that the breach has placed affected users at ongoing risk of identity theft and financial fraud, with the potential for long-term, even permanent, consequences due to the immutable nature of the exposed information.
The complaint further asserts that Coinbase failed to notify users promptly, did not offer identity protection or guidance in the immediate aftermath, and handled the incident in a fragmented and uncoordinated manner.
Zaal Panthaki and Alexander Crous suing Coinbase, alleging the exchange failed to protect their sensitive data. Source: Law360.com
In a separate filing in the same court, Maine resident Zaal Panthaki and Texas-based Alexander Crous made similar allegations, accusing Coinbase of systematically underinvesting data security infrastructure.
Their proposed class action claims the company neglected to adequately train employees who handle sensitive user data, particularly those working through outsourced support vendors abroad.
The suit also contends that Coinbase failed to monitor its third-party vendors and left customer information vulnerable to exploitation.
According to these plaintiffs, the attack exploited serious internal oversight and security hygiene lapses. The hackers were able to gain access to data including user emails, phone numbers, masked account and Social Security numbers, and transaction histories.
Although Coinbase confirmed that private keys and passwords were not compromised, the leaked personally identifying information (PII) is considered highly valuable to scammers, as it can be used to impersonate victims and execute sophisticated phishing and fraud schemes.
Adding to the criticism, another class-action suit filed by California resident Rosemary Ortiz contends that Coinbase could have prevented the breach altogether by securely encrypting or deleting older user data it no longer had a legal or operational reason to retain.
Rosemary Ortiz alleged that Coinbase should have deleted the no longer used information. Source: Law360.c0m
Ortiz argues that Coinbase amplified the breach’s impact by storing unneeded sensitive information.
Although none of the plaintiffs have yet reported direct financial harm as a result of the breach, all claim they now face a lifelong risk of identity-related crimes. They argue that Coinbase’s negligence has forced them to take costly and time-consuming measures to monitor their credit, financial accounts, and personal data for potential misuse.
Global Probe and Payouts After Insider-Led Data Breach
Coinbase, in a blog post published alongside its regulatory filing, disclosed that the breach began with an extortion attempt in which the attackers demanded a $20 million ransom.
The company refused to pay the $20 million ransom and offered a matching bounty to identify and prosecute the attackers. “We’re committed to full transparency,” it stated.
The company has said it fully cooperates with law enforcement and has earmarked between $180 million and $400 million for user reimbursement and remediation efforts, as disclosed in a U.S. SEC filing.
Coinbase noted that security measures have been tightened with added ID checks and scam-awareness prompts, while a new U.S.-based customer support hub is being established.
The company also strengthened insider-threat detection systems and directly contacted affected users.
Coinbase terminated India’s implicated customer support staff and referred them for criminal prosecution.
Despite the scale of the breach, Coinbase has not yet commented publicly on the lawsuits.
The post Coinbase Faces Multiple Lawsuits Over Bribed Support Agents and User Data Leak appeared first on Cryptonews.
